Encryption techniques are often utilized to protect multimedia content signals during their storage or transport from one location to the next. The encrypted content may be securely broadcast over the air, through the Internet, over cable networks, over wireless networks, distributed via storage media, or disseminated through other means with little concern about piracy of the content. The level of security of the encrypted content depends on, among other things, the strength of the encryption algorithm and the encryption key management and safekeeping.
Before describing the details of the present invention it is beneficial to review some common encryption algorithms and techniques. More detailed descriptions may be found in, for example, “Applied Cryptography” by B. Schneier (John Wiley & Sons: New York, 1996; ISBN: 0-471-12845-7). One class of encryption algorithms, called Stream Ciphers, converts the unencrypted content into an encrypted ciphertext one bit at a time. In this case, the content (i.e., the plaintext) is treated as a stream of bits, $p_i$, that are XORed with a stream of encryption key bits, $k_i$, to produce the encrypted (i.e., ciphertext) bits, $c_i$. Equation (1) describes this process mathematically:

$$c_i = p_i \oplus k_i \qquad \text{Equation (1)}$$

The encryption key bits, $k_i$, are typically generated independently using key stream generators known in the art. At the decryption end, the encrypted stream is XORed with an identical key stream to produce the original content. The decryption operation is mathematically represented by Equation (2).

$$p_i = (p_i \oplus k_i) \oplus k_i \qquad \text{Equation (2)}$$
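The following added example (not part of the original text) carries Equations (1) and (2) through in Python. The use of SHAKE-256 as the key stream generator, the keys and the sample content are assumptions constructed for illustration.

```python
import hashlib

def keystream(key, nbytes):
    # Stand-in key stream generator (assumption): SHAKE-256 expands the key
    # into exactly as many key bytes as there are content bytes.
    return hashlib.shake_256(key).digest(nbytes)

def xor_stream(data, key):
    # Equation (1) when data is plaintext, Equation (2) when it is ciphertext:
    # every output bit is the input bit XORed with the matching key bit.
    ks = keystream(key, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))

def changed_bits(a, b):
    # Bit positions (0 = most significant bit of byte 0) where a and b differ.
    return [8 * i + j for i, (x, y) in enumerate(zip(a, b))
            for j in range(8) if (x ^ y) >> (7 - j) & 1]

def demo():
    key = b"constructed demo key"
    plaintext = b"constructed sample frame data"
    ciphertext = xor_stream(plaintext, key)           # c_i = p_i XOR k_i
    recovered = xor_stream(ciphertext, key)           # (p_i XOR k_i) XOR k_i
    wrong = xor_stream(ciphertext, b"some other key")  # non-identical key stream
    # Flip plaintext bit 13 and encrypt under the same key stream. This is done
    # only to expose the bit-by-bit structure of Equation (1); a key stream is
    # not reused across different content in practice.
    altered = bytearray(plaintext)
    altered[1] ^= 0x04
    diff = changed_bits(ciphertext, xor_stream(bytes(altered), key))
    return plaintext, ciphertext, recovered, wrong, diff

if __name__ == "__main__":
    p, c, r, w, diff = demo()
    print("ciphertext:", c.hex())
    print("recovered :", r)
    print("ciphertext bits affected by plaintext bit 13:", diff)
```

Because each ciphertext bit depends only on the plaintext bit and key bit at the same position, the single changed plaintext bit shows up as exactly one changed ciphertext bit.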
In another class of encryption algorithms, called Block Ciphers, the content is processed in blocks of fixed size. So for example, a digital content may first be parsed into blocks of 64 bits and then each 64-bit block may be encrypted according to the encryption algorithm. Some of the most widely used encryption algorithms such as DES and AES are block ciphers. Block ciphers may further operate in different modes. In particular, in Electronic Codebook (ECB) and Counter (CTR) modes of operation, each block is encrypted independently from other blocks in the content. In Cipher Block Chaining (CBC) mode, Output Feedback (OFB) mode and Cipher Feedback (CFB) mode, each encrypted block has a dependency on the neighboring ciphertext and/or plaintext blocks. Cryptographic algorithms may also be classified as symmetric or asymmetric algorithms. In symmetric algorithms the same key is used for encryption and decryption, whereas in asymmetric algorithms different keys, and possibly different algorithmic steps, are used for encryption and decryption of the content.
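The difference between independent and chained block modes can be seen in the following added example, which is not part of the original text. The 4-round Feistel network built on SHA-256 is a toy stand-in for a real block cipher such as DES or AES, and the key, IV and content are constructed for illustration.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, as in the parsing example above

def round_fn(half, key, r):
    # Toy round function (assumption): keyed hash truncated to half a block.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:4]

def encrypt_block(block, key):
    # Toy 4-round Feistel network; a bijection on 64-bit blocks, demo only.
    left, right = block[:4], block[4:]
    for r in range(4):
        mixed = bytes(a ^ b for a, b in zip(left, round_fn(right, key, r)))
        left, right = right, mixed
    return left + right

def split(data):
    if len(data) % BLOCK:
        raise ValueError("demo input must be a whole number of blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(data, key):
    # ECB: every block is encrypted on its own.
    return [encrypt_block(b, key) for b in split(data)]

def cbc_encrypt(data, key, iv):
    # CBC: each plaintext block is XORed with the previous ciphertext block.
    out, prev = [], iv
    for b in split(data):
        prev = encrypt_block(bytes(x ^ y for x, y in zip(b, prev)), key)
        out.append(prev)
    return out

def changed_blocks(a, b):
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def demo():
    key, iv = b"constructed key", bytes(BLOCK)
    original = b"BLOCK-00BLOCK-01BLOCK-02BLOCK-03"  # four 64-bit blocks
    modified = b"BLOCK-00BLOCK-X1BLOCK-02BLOCK-03"  # only block 1 differs
    ecb = changed_blocks(ecb_encrypt(original, key), ecb_encrypt(modified, key))
    cbc = changed_blocks(cbc_encrypt(original, key, iv),
                         cbc_encrypt(modified, key, iv))
    return ecb, cbc

if __name__ == "__main__":
    print("ciphertext blocks changed (ECB, CBC):", demo())
```

In ECB only the ciphertext block matching the changed plaintext block differs, while in CBC that block and every block after it differ.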
While access to an encrypted content may be limited to entities with proper authorization and decryption keys, once a content is decrypted, it may be readily copied and disseminated. This is particularly true for multimedia content that must inevitably be converted to audio and/or visual signals (e.g., analog format) in order to reach an audience. Watermarks are particularly well suited to plug this so-called ‘analog hole’. Digital watermarking is typically referred to as the insertion of auxiliary information bits into a host signal without producing perceptible artifacts. Watermark bits embedded into a host signal are designed to be imperceptible, robust to common content transformations, and resistant to intentional attacks that are targeted to remove or alter the watermarks. The detection of watermarks as well as the extraction of information carried in the watermarks may be used to trigger a variety of actions and enable a myriad of applications. Some of these applications include copy control, broadcast monitoring, rights management, authentication and integrity verification, forensic tracking and covert communication. Numerous watermarking algorithms and applications are described in the prior art.
Due to the complementary roles of digital watermarking and encryption in the safekeeping and management of content, both techniques are often used to protect and manage content of significant value such as audio, video, still images, text, programming data and other information in digital or analog formats. In an example workflow of content preparation and distribution, a content may be first embedded with digital watermarks; then it may optionally be compressed (to save storage space and/or transmission bandwidth) and finally, it may be encrypted prior to being transmitted or stored outside of a secure environment. Note that in some applications, the insertion of watermarks may alternatively, or additionally, take place after the compression of the content but prior to the encryption. In some applications, however, it may be advantageous to insert digital watermarks directly into an encrypted data stream (without first decrypting the content). For example, in a forensic tracking application, a digital movie, after appropriate post production processing, may be encrypted at the movie studio or post production house, and sent out for distribution to movie theatres, to on-line retailers, or directly to the consumer. In such applications, it is often desired to insert forensic or transactional watermarks into the movie content to identify each entity or node in the distribution channel, including the purchasers of the content, the various distributors of the content, the presentation venue and the time/date/location of each presentation or purchase. Since a multiplicity of purchase/presentation requests may be received at any given time, it is also desired to insert the watermarks expeditiously and efficiently into the content without introducing significant delays in the processing and transmission of the requested content.
One way to achieve this goal would be to, at each desired node of the distribution channel, decrypt and possibly decompress the content, insert the appropriate watermarks and then re-compress and re-encrypt the embedded content. This procedure not only requires the knowledge of the encryption/decryption algorithms as well as the presence of encryption/decryption keys at each distribution node, but is also likely to introduce significant delays in the processing of the content. While it may be possible to securely communicate the encryption/decryption keys to these nodes and produce a secure environment for the encryption/decryption to take place, this task would require additional system design, network security operations and key management protocols which may affect the operational cost and overall security of the distribution system.
It would be advantageous to provide methods, apparatus, and systems for digital watermarking that overcome various deficiencies of the prior art by providing the capability of watermark insertion into an encrypted content signal. In particular, it would be advantageous to provide methods, apparatus, and systems for the insertion of watermarks into an encrypted digital content that do not require the decryption and subsequent re-encryption of the digital content. It would also be advantageous to allow secure insertion of digital watermarks at any point in the transmission, storage or distribution of an encrypted digital content, without the need to decrypt (and further re-encrypt) the encrypted digital host content signal, and without requiring the knowledge of the encryption/decryption keys. It would be further advantageous if such embedded watermarks were adapted to persist throughout the content after it has undergone decryption. It would be still further advantageous to enable the insertion of digital watermarks into an encrypted host content that is in a compressed format and in such a way that the embedded watermarks persist throughout the content even after decryption and decompression of the host content signal. It would be advantageous if such techniques were applicable to a host content that has been encrypted using a variety of different encryption techniques, including stream ciphers, block ciphers, symmetric and asymmetric encryption algorithms.
The methods, apparatus, and systems of the present invention provide the foregoing and other advantages.